Merge pull request #42 from NoahvdAa/patch-3
Added CSRF protection to file manager.
This commit is contained in:
Daniel Winzen
@ -125,10 +125,18 @@ if(@!ftp_chdir($ftp, $dir)){
|
|||||||
}
|
}
|
||||||
|
|
||||||
if(!empty($_POST['mkdir']) && !empty($_POST['name'])){
|
if(!empty($_POST['mkdir']) && !empty($_POST['name'])){
|
||||||
|
if(empty($_POST['csrf_token']) || $_POST['csrf_token'] != $_SESSION['csrf_token']){
|
||||||
|
echo 'Invalid CSRF token, please try again.';
|
||||||
|
exit;
|
||||||
|
}
|
||||||
ftp_mkdir($ftp, $_POST['name']);
|
ftp_mkdir($ftp, $_POST['name']);
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!empty($_POST['mkfile']) && !empty($_POST['name'])){
|
if(!empty($_POST['mkfile']) && !empty($_POST['name'])){
|
||||||
|
if(empty($_POST['csrf_token']) || $_POST['csrf_token'] != $_SESSION['csrf_token']){
|
||||||
|
echo 'Invalid CSRF token, please try again.';
|
||||||
|
exit;
|
||||||
|
}
|
||||||
$tmpfile='/tmp/'.uniqid();
|
$tmpfile='/tmp/'.uniqid();
|
||||||
touch($tmpfile);
|
touch($tmpfile);
|
||||||
ftp_put($ftp, $_POST['name'], $tmpfile, FTP_BINARY);
|
ftp_put($ftp, $_POST['name'], $tmpfile, FTP_BINARY);
|
||||||
@ -136,23 +144,39 @@ if(!empty($_POST['mkfile']) && !empty($_POST['name'])){
|
|||||||
}
|
}
|
||||||
|
|
||||||
if(!empty($_POST['delete']) && !empty($_POST['files'])){
|
if(!empty($_POST['delete']) && !empty($_POST['files'])){
|
||||||
|
if(empty($_POST['csrf_token']) || $_POST['csrf_token'] != $_SESSION['csrf_token']){
|
||||||
|
echo 'Invalid CSRF token, please try again.';
|
||||||
|
exit;
|
||||||
|
}
|
||||||
foreach($_POST['files'] as $file){
|
foreach($_POST['files'] as $file){
|
||||||
ftp_recursive_delete($ftp, $file);
|
ftp_recursive_delete($ftp, $file);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!empty($_POST['rename_2']) && !empty($_POST['files'])){
|
if(!empty($_POST['rename_2']) && !empty($_POST['files'])){
|
||||||
|
if(empty($_POST['csrf_token']) || $_POST['csrf_token'] != $_SESSION['csrf_token']){
|
||||||
|
echo 'Invalid CSRF token, please try again.';
|
||||||
|
exit;
|
||||||
|
}
|
||||||
foreach($_POST['files'] as $old=>$new){
|
foreach($_POST['files'] as $old=>$new){
|
||||||
ftp_rename($ftp, $old, $new);
|
ftp_rename($ftp, $old, $new);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!empty($_POST['rename']) && !empty($_POST['files'])){
|
if(!empty($_POST['rename']) && !empty($_POST['files'])){
|
||||||
|
if(empty($_POST['csrf_token']) || $_POST['csrf_token'] != $_SESSION['csrf_token']){
|
||||||
|
echo 'Invalid CSRF token, please try again.';
|
||||||
|
exit;
|
||||||
|
}
|
||||||
send_rename($dir);
|
send_rename($dir);
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!empty($_POST['edit_2']) && !empty($_POST['files'])){
|
if(!empty($_POST['edit_2']) && !empty($_POST['files'])){
|
||||||
|
if(empty($_POST['csrf_token']) || $_POST['csrf_token'] != $_SESSION['csrf_token']){
|
||||||
|
echo 'Invalid CSRF token, please try again.';
|
||||||
|
exit;
|
||||||
|
}
|
||||||
$tmpfile='/tmp/'.uniqid();
|
$tmpfile='/tmp/'.uniqid();
|
||||||
foreach($_POST['files'] as $name=>$content){
|
foreach($_POST['files'] as $name=>$content){
|
||||||
file_put_contents($tmpfile, $content);
|
file_put_contents($tmpfile, $content);
|
||||||
@ -167,6 +191,10 @@ if(!empty($_POST['edit']) && !empty($_POST['files'])){
|
|||||||
}
|
}
|
||||||
|
|
||||||
if(!empty($_POST['unzip']) && !empty($_POST['files'])){
|
if(!empty($_POST['unzip']) && !empty($_POST['files'])){
|
||||||
|
if(empty($_POST['csrf_token']) || $_POST['csrf_token'] != $_SESSION['csrf_token']){
|
||||||
|
echo 'Invalid CSRF token, please try again.';
|
||||||
|
exit;
|
||||||
|
}
|
||||||
$zip = new ZipArchive();
|
$zip = new ZipArchive();
|
||||||
foreach($_POST['files'] as $file){
|
foreach($_POST['files'] as $file){
|
||||||
if(!preg_match('/\.zip$/', $file)){
|
if(!preg_match('/\.zip$/', $file)){
|
||||||
@ -202,6 +230,10 @@ if(!empty($_POST['unzip']) && !empty($_POST['files'])){
|
|||||||
|
|
||||||
|
|
||||||
if(!empty($_FILES['files'])){
|
if(!empty($_FILES['files'])){
|
||||||
|
if(empty($_POST['csrf_token']) || $_POST['csrf_token'] != $_SESSION['csrf_token']){
|
||||||
|
echo 'Invalid CSRF token, please try again.';
|
||||||
|
exit;
|
||||||
|
}
|
||||||
$c=count($_FILES['files']['name']);
|
$c=count($_FILES['files']['name']);
|
||||||
for($i=0; $i<$c; ++$i){
|
for($i=0; $i<$c; ++$i){
|
||||||
if($_FILES['files']['error'][$i]===UPLOAD_ERR_OK){
|
if($_FILES['files']['error'][$i]===UPLOAD_ERR_OK){
|
||||||
@ -276,7 +308,7 @@ $dir=htmlspecialchars($dir);
|
|||||||
</head><body>
|
</head><body>
|
||||||
<h1>Index of <?php echo $dir; ?></h1>
|
<h1>Index of <?php echo $dir; ?></h1>
|
||||||
<?php if($dir!=='/'){ ?>
|
<?php if($dir!=='/'){ ?>
|
||||||
<p>Upload up to 1GB and up to 100 files at once <form action="files.php" enctype="multipart/form-data" method="post"><input name="files[]" type="file" multiple><input type="hidden" name="path" value="<?php echo $dir; ?>"><input type="submit" value="Upload"></form></p><br>
|
<p>Upload up to 1GB and up to 100 files at once <form action="files.php" enctype="multipart/form-data" method="post"><input type="hidden" name="csrf-token" value="<?= $_SESSION['csrf_token'] ?>"><input name="files[]" type="file" multiple><input type="hidden" name="path" value="<?php echo $dir; ?>"><input type="submit" value="Upload"></form></p><br>
|
||||||
<?php
|
<?php
|
||||||
}
|
}
|
||||||
$fileurl='A';
|
$fileurl='A';
|
||||||
@ -294,6 +326,7 @@ if($order==='A'){
|
|||||||
}
|
}
|
||||||
?>
|
?>
|
||||||
<form action="files.php" method="post">
|
<form action="files.php" method="post">
|
||||||
|
<input type="hidden" name="csrf-token" value="<?= $_SESSION['csrf_token'] ?>">
|
||||||
<input type="submit" name="mkdir" value="Create directory">
|
<input type="submit" name="mkdir" value="Create directory">
|
||||||
<input type="submit" name="mkfile" value="Create file">
|
<input type="submit" name="mkfile" value="Create file">
|
||||||
<input type="text" name="name"><br><br>
|
<input type="text" name="name"><br><br>
|
||||||
@ -420,6 +453,7 @@ function send_rename($dir){
|
|||||||
echo '<meta name=viewport content="width=device-width, initial-scale=1">';
|
echo '<meta name=viewport content="width=device-width, initial-scale=1">';
|
||||||
echo '</head><body>';
|
echo '</head><body>';
|
||||||
echo '<form action="files.php" method="post">';
|
echo '<form action="files.php" method="post">';
|
||||||
|
echo '<input type="hidden" name="csrf-token" value="<'.$_SESSION['csrf_token'].'">';
|
||||||
echo '<input type="hidden" name="path" value="'.htmlspecialchars($dir).'">';
|
echo '<input type="hidden" name="path" value="'.htmlspecialchars($dir).'">';
|
||||||
echo '<table>';
|
echo '<table>';
|
||||||
foreach($_POST['files'] as $file){
|
foreach($_POST['files'] as $file){
|
||||||
@ -438,6 +472,7 @@ function send_edit($ftp, $dir){
|
|||||||
echo '<meta name=viewport content="width=device-width, initial-scale=1">';
|
echo '<meta name=viewport content="width=device-width, initial-scale=1">';
|
||||||
echo '</head><body>';
|
echo '</head><body>';
|
||||||
echo '<form action="files.php" method="post">';
|
echo '<form action="files.php" method="post">';
|
||||||
|
echo '<input type="hidden" name="csrf-token" value="<'.$_SESSION['csrf_token'].'">';
|
||||||
echo '<input type="hidden" name="path" value="'.htmlspecialchars($dir).'">';
|
echo '<input type="hidden" name="path" value="'.htmlspecialchars($dir).'">';
|
||||||
echo '<table>';
|
echo '<table>';
|
||||||
$tmpfile='/tmp/'.uniqid();
|
$tmpfile='/tmp/'.uniqid();
|
||||||
|
|||||||
@ -53,6 +53,7 @@ if($_SERVER['REQUEST_METHOD']==='POST'){
|
|||||||
}
|
}
|
||||||
if($ok){
|
if($ok){
|
||||||
$_SESSION['hosting_username']=$username;
|
$_SESSION['hosting_username']=$username;
|
||||||
|
$_SESSION['csrf_token']=sha1(uniqid());
|
||||||
session_write_close();
|
session_write_close();
|
||||||
header('Location: home.php');
|
header('Location: home.php');
|
||||||
exit;
|
exit;
|
||||||
|
|||||||
Reference in New Issue
Block a user